DSN_PRIVILEGES and EFFECTIVE_DSN_PRIVILEGES

Displays privileges for users and groups on each data source name (DSN) and indicates inheritance. Both views show all direct (explicit) and inherited privileges based on the privileges of the user and group, or its group membership.

The DSN_PRIVILEGES result set contains rows for users and groups that have the CONNECT privilege explicitly set on either the server, service, or DSN. If a user or group does not have any direct privilege, it will not be shown in this view. It is a condensed view of the EFFECTIVE_DSN_PRIVILEGES view.

The EFFECTIVE_DSN_PRIVILEGES result set contains rows for all users and groups that have any privilege directly set or a privilege can be derived from its group membership. For example, if a user does not have any privileges set on any of the SAS Federation Server objects, the user will still be in the result set if the user is a member of a group that has a direct privilege set.

Note: Both of these views can return very large result sets depending on the configuration of SAS Federation Server. Subsetting on DATA_SERVICE, CATALOG_NAME, and/or SCHEMA_NAME can reduce the size of the result set.

Name	Type	Description
DSN_NAME	VARCHAR(256)	Specifies the unique name of the DSN.
DATA_SERVICE	VARCHAR(256)	Specifies the name of the data service.
GRANTOR_ID	VARCHAR(256)	Specifies the AuthID of the user that granted or denied the privilege.
GRANTOR	VARCHAR(256)	Specifies the name of the user who is granted or denied the privilege.
GRANTOR_TYPE	CHAR(1)	Specifies the grantor type as U (User) or R (Role).
GRANTEE_ID	VARCHAR(256)	Specifies the AuthID of the user that is granted or denied the privilege.
GRANTEE	VARCHAR(256)	Specifies the name of the user who is granted or denied the privilege.
GRANTEE_TYPE	CHAR(1)	Specifies the grantee type as U (User) or G (Group).
PRIVILEGE_NAME	VARCHAR(20)	Specifies the privilege name: SELECT UPDATE INSERT DELETE EXECUTE REFERENCES CREATE TABLE ALTER TABLE DROP TABLE CREATE VIEW ALTER VIEW DROP VIEW
PRIVILEGE_TYPE	VARCHAR(5)	Specifies the privilege type as GRANT or DENY.
GRANTABLE	CHAR(1)	Specifies if the user can grant this privilege to other users. The only valid value is N (No).
INHERITED	CHAR(1)	Indicates whether the privilege is inherited as either Y or N.
SOURCE_OBJECT_LEVEL	INTEGER	Specifies the object level where the privilege is inherited, as one of the following values: 0 — Server 1 — Data service 2 — DSN
SOURCE_GRANTEE_ID	VARCHAR(256)	Specifies the AuthID of a group or user from which the privilege is derived.
SOURCE_GRANTEE	VARCHAR(256)	Specifies the name of the group or user from which the privilege is derived.
SOURCE_GRANTEE_TYPE	CHAR(1)	Specifies the source_grantee type U (User) or G (Group).

Last updated: March 6, 2018